← HARICA cases
Bugzilla #1945389
Delayed Revocation
HARICA: delayed revocation for bug 1943596
RESOLVED
FIXED
HARICA
AI Summary
HARICA faced a delayed revocation of 43 mis-issued S/MIME SV certificates that were supposed to be revoked by January 27, 2025. The revocation process was manual and assigned to a Validation Specialist who overlooked the task, resulting in 35 certificates not being revoked on time. Upon discovering the oversight on January 31, 2025, HARICA promptly revoked the remaining certificates and implemented process improvements to prevent future occurrences, including automation of the revocation scheduling. A full incident report was published detailing the root causes and corrective actions taken.
Chronology
- HARICA identified 43 SV S/MIME certificates impacted by bug 1943596.
- Validation Specialist overlooked the assigned revocation task.
- HARICA discovered 35 certificates had not been revoked.
- Action items for process improvements completed and pushed to production.
Participants
Dimitris Zacharopoulos
External References
Similar Local Cases
HARICA: Delayed revocation for non-BR-compliant CA Certificates within 7 days
Entrust: Delayed revocation of clientAuth TLS Certificates without serverAuth EKU
Microsec: Delayed revocation of the misissued certificates
Asseco DS / Certum: Delayed revocation of S/MIME certificates issued with mailbox validation older than 30 days
D-Trust: Delay beyond 5 days in revoking misissued certificate
e-commerce monitoring GmbH: Delayed revocation
CFCA: The delay in revocation of ICA
Buypass: TLS certificates not revoked within 5 days